The digital lives of many children are born shortly after they
are, when their parents start posting baby pictures on social media.
Over the years a child's digital trail lengthens, as the child and
parents share more information online.

Safeguarding children's
online privacy should be a family priority, security experts say, but
the challenge is becoming more complicated.

One new wrinkle is the
advent of connected toys. It was recently revealed that one toy company
might have left information from more than 800,000 user accounts highly
vulnerable to hackers, exposing more than 2 million audio messages
shared between children and their loved ones.

Be Wary of Connected Toys
Kids are more connected than ever. Even toys as simple as a teddy bear
now often come with a Bluetooth or WiFi connection that can send
information back and forth between the toy and a smartphone app or a
server somewhere.

That was the case with
CloudPets, a line of “smart” stuffed animals that lets family members
record personal messages for a child using a smartphone app, then send
them through the internet to the toy for the child to hear. Children can
also record their own messages using the stuffed animal and send them
to an approved list of recipients.

But researchers recently
concluded that the toy’s makers didn’t adequately protect it servers,
allowing hackers to gain access to user emails and secured passwords,
along with audio recordings. The researchers complained that Spiral
Toys, which owns the brand, had ignored repeated warnings about the
problem.

According to a Spiral
Toys statement, the company was notified of the problem on Feb. 22 and
"took immediate and swift action to protect the privacy of our
customers," requiring all customers to create new, stronger passwords.
The company said it hadn't seen evidence that message data had been
leaked.

It wasn’t the first time a
children's product was affected by security problems. In 2015, data
stored by tech toy maker VTech was breached, compromising the profiles
of 6.4 million kids, along with the 4.9 million parent accounts that
they were connected to. The information in the children's accounts
included names, ages, and genders, the company, based in Hong Kong, said
at the time.

How could such data be
used? Experts say a terrifying worst-case scenario would be an attempted
abduction, but a more likely outcome would be eventual credit card
fraud or identity theft. Privacy risks recently prompted German
officials to tell parents to get rid of an internet-connected doll
called "My Friend Cayla."

So what should parents do? Supplying toy companies with information
about your child may help them provide a more customized play
experience. But it's up to you to decide whether that benefit is worth
the information being shared.

One question to ask is
where data is stored. If it's just on the toy or in a smartphone app
connected by Bluetooth, the risks might be relatively small. But the
concerns are bigger in cases like CloudPets and VTech, in which data
gets sent to a server somewhere where it can potentially be stolen by
hackers.

Either way, there’s no
harm in playing it safe: You can always enter a fake birthday or name.
Or just pass on buying such toys in the first place.

Think Before You Post
Just like their physical security, your children’s digital security
starts with you, especially when they’re too young to fend for
themselves. So think before you post, and make sure you’re limiting who
can see the information.

“I think trying to
convince parents to not post photos of their newborn is probably
impossible,” says Lance Cottrell, chief scientist at the cybersecurity
firm Ntrepid. But parents may have unrealistic expectations of privacy.
“It’s like I want to hire a skywriter for my marriage proposal, but for
nobody else to read it.”

The mere act of releasing your child’s name, gender, hometown, and
birthday to the world gives hackers something to work with. But there
are common-sense ways parents can keep those posts from causing
problems, mainly by limiting who can see them.
For instance, using Facebook privacy settings, you can set your posts
to go to just your “friends,” rather than the entire world. If you want
to limit that circle even more, create a list of “close friends” and
set your posts to be visible only to them. A closed Facebook group,
which requires you to approve everyone who requests access, can work,
too. As a bonus, it will keep you from clogging the feeds of your
non-baby-crazy friends.
Parents should also think twice before posting pictures that could
reveals hints of a location, such as photos taken in front of their home
or child’s school, says Mike Raggo, chief research scientist at
ZeroFOX, a social media security company. On a related note, it's also
wise to wait until you get home before posting vacation photos. You
don’t want to reveal to would-be burglars that you’re away from home.

Talk to Your Kids
“The talk” doesn’t just refer to sex anymore. Talking to your kids about
proper internet usage and the consequences that bad online behavior can
have is almost as important, but hopefully not as uncomfortable, a
subject.

And it’s a wide-ranging
topic, too. Just like their parents, kids need to know everything from
how to set a strong password to how to spot phishing emails, as well as
what can happen if they send an angry tweet or post a suggestive
picture, says Michael Moniz, CEO and founder of the cybersecurity firm
Circadence.

On top of that, kids can face cyberbullying and need to know what to
do if one of their classmates posts a threat of violence on social
media.
“We’re ships and travelers moving through the cyber world,” Moniz
says. “If you’re anything of value, you’re going to be a target and
parents have to be aware of that. We have to be good guides and give our
kids the skills they need to navigate it.”

Most importantly, kids
need to be reminded that what they post online becomes part of their
“digital DNA” that will always remain online “no matter how much they
try to scrub it away,” he says. Those posts will follow them when they
apply to college or for a job down the road.

Be a 'Friend'
Moniz says that he required his own kids to give him their passwords if
they wanted to have social media accounts, though he acknowledged that
other parents see that as too “big brotherish.”

But the bottom line is
parents need to keep tabs on their kids’ social media accounts one way
or another, whether by just being their “friend” or by using software
that monitors their activities.

And when parents see their child’s peers do something inappropriate
online, they should talk to their child about it and use it as a
teachable moment, Moniz says.

On the other hand,
Cottrell warns that if parents become too intrusive or even hostile to
their children’s activities, it could prompt the kids to move to another
social media platform that their parents don’t know about, or to set up
shadow accounts.

“You need to remember
that they’re digital natives and are probably better able to navigate
the internet than you are,” he says.

Be a Parent First
These technology judgment calls aren't just about safety.

Remember that dad who
would stand in the front row with his giant camcorder during your
childhood ballet recitals, blocking everyone’s view?

Social media has made
that so much worse. Now you have crowds of parents with smartphones
shoving each other to get the perfect shot. And they’re so worried about
creating the perfect Instagram post that they’re not enjoying what
they’re watching.

“People are spending a
significant amount of time not parenting. They’re taking away the
enjoyment of the moment,” he says. “We need to be less focused on
‘likes’ and more focused on our relationships with our children.”

“As a parent in the digital age, I struggle with this, too," he says. "How much is too much?”